locked
Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17 RRS feed

  • Question

  • Dear All,

     

    My farm is two servers farm one for SQL Server 2008 R2 Ent and another for SharePoint Server 2010 Ent installed. Not every day but some days  I found the following error on Event Viewer of SharePoint Server machine. Can any body help me to sovle this issue?

     

     

    Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17 ImpersonationLevel: Impersonation' in database 'SharePoint_Config' on SQL Server instance 'SQL_Srv'. Additional error information from SQL Server is included below.

     

    The EXECUTE permission was denied on the object 'proc_GetProductVersions', database 'SharePoint_Config', schema 'dbo'.

     

    Log Name:  Application

    Source:  SharePoint Foundation

    Event ID:  5214

    Level :  Critical

    User:  NT AUTHORITY\IUSR

    Task Category:  Database

    Computer:  SQL_Srv.bd.net.local

     

     

    Thanks in advanced,


    shofiq
    Monday, May 16, 2011 11:13 AM

Answers

  • Hi,

    It seems that an anonymous user is trying to do some things on your SharePoint environment. First validate where this user is coming from, because normally there won't be a IUSR to need permissions on SQL Server and on the SharePoint_Config db.

    Regards

    Monday, May 16, 2011 12:18 PM

All replies

  • Hi,

    It seems that an anonymous user is trying to do some things on your SharePoint environment. First validate where this user is coming from, because normally there won't be a IUSR to need permissions on SQL Server and on the SharePoint_Config db.

    Regards

    Monday, May 16, 2011 12:18 PM
  • Dear Andre,

    Thank you for your reply. I am not that much sound in validating where the IUSR is coming from. It seems that your detail guidance may help me to solve this issue.

    Thanks once again,

     

     


    shofiq
    Wednesday, May 18, 2011 4:59 AM
  • Hi,

    It seems that an anonymous user is trying to do some things on your SharePoint environment. First validate where this user is coming from, because normally there won't be a IUSR to need permissions on SQL Server and on the SharePoint_Config db.

    Regards


    I don't think it's necessarily an anonymous user.  I have Kerberos configured on my production farm and I am actually seeing the same error with a real AD user (who would have no idea what a SQL Server is if I dropped it on her desk).  But she's denied access to the configuration database, and to the same 'proc_GetProductVersions' stored procedure.

    The 5214 error says that this request is impersonating the credentials of the user.  So, is SharePoint trying to do this automatically?  This smells like a bug.

    This error showed up around the time a couple of people (she might have been involved, I haven't found out yet) were trying to import an Excel spreadsheet (which may have triggered a crash of the PowerPivot service and a whole bunch of "System.ServiceModel 3.0.0.0" errors , as described here: http://powerpivotgeek.com/2010/10/24/installation-error-system-io-fileloadexception-loading-this-assembly-would-produce-a-different-grant-set-from-other-instances/)

    The 5214 error could have been part of the sequence of events that led up to the crash of PowerPivot.

    An IISRESET resolved the System.ServiceModel errors and I haven't seen anymore 5214 events since then, but I will keep my eyes open.

    • Edited by poortatey Friday, August 19, 2011 1:05 AM More info
    Friday, August 19, 2011 12:58 AM
  • In order to resolve the issue, I provided Execute permission to the database role “WSS_Content_Application_Pools” into the stored procedure “proc_GetProductVersions”. I performed the following steps to do this.

    1. In the database server, expand SharePoint Config database and naviage to Programmability/Stored Procedures/dbo.proc_GetProductVersions using SQL Server Management Studio.
    2. Right click on the above stored procedure and select Properties.
    3. On the popup screen, select Permissions on the left and click Search button.
    4. On the new popup screen, click Search, select [WSS_Content_Application_Pools] database role and click OK.
    5. Click OK again.
    6. On the first popup screen, select the role, check Execute permission and click OK.

     

    http://sajiviswam.wordpress.com/2011/05/24/the-execute-permission-was-denied-on-the-object-proc_getproductversions-insufficient-sql-database-permissions-for-user/


    Regards Sudip Misra sudipmisra@hotmail.com +1-412-237-5435 Pittsburgh, PA
    • Proposed as answer by Sudip Misra Thursday, December 15, 2011 9:56 PM
    Thursday, December 15, 2011 9:56 PM